Same boat, but haven't had time to troubleshoot it. Meanwhile, I'll add $0.02...
I have no problem logging at piefed.social, but do have trouble at feddit.online
this post was submitted on 03 Feb 2026
15 points (100.0% liked)
Voyager
7958 readers
40 users here now
The official lemmy community for Voyager, an open source, mobile-first client for lemmy.
Rules
- Be nice.
- lemmy.world instance policy
Sponsor development! 👇
💙
founded 2 years ago
MODERATORS
Very odd thing. Sometimes I am able to log in via Voyager. Mostly not.
At one point I put a space after the user name, and then it logged me in. Once I didn't, and it logged me in. But it isn't consistent. The server is complaining that there's a problem in the request format. i don't see anything different that allowed the log in those 2 times.
I can confirm that my feddit.online account isn't working with Voyager for whatever reason. I was able to log in with a couple of other piefed instances without issue.
Tagging @jerry@feddit.online for visibility.
Edit: I just tried Boost and it worked with my feddit account. Could be something really weird going on.
I used to be able to log in via Voyager. I don't know what changed. I get a message that Voyager doesn't support signups via Piefed. Is this what you see?
I'll have to look at this tonight. Maybe it's a firewall issue? Rimu, @rimu@piefed.social, any suggestions on where to start?
Do you have any nginx rules which block scrapers by inspecting the user agent string? Perhaps that's catching Voyager.
Nope. I posted below what is coming into the server. The only thing I can think of is that the referrer is coming in as https://localhost/inbox which might explain the 400 error (Bad Request). Does your nginx configuration drop incoming cookies for the login endpoint?
I have to look again because it was a while ago, but I do block some user agent strings, but if I'm blocking Voyager this way, I really screwed up.
Another possibility is that Cloudflare is presenting a managed challenge during sign up.
You can't register from within Voyager, but you can log in to an existing (the button on the lower right of the adding an account screen). The reason you can't register a new piefed account in Voyager is because that functionality doesn't exist in the API yet.
I was able to log in to feddit just fine using curl, so it seems to be voyager-specific. Not sure if there might be an errant cloudflare challenge or other kind of proxy-level filtering that it might be getting caught up in.
Not sure if @aeharding@vger.social might have suggestions for how to help ID the issue or get a more descriptive error message.
This is helpful. Thanks.
Can you share the curl command? Seems like something worth keeping in my notes and will help me in looking more closely at the firewall rules.
Here you go:
curl --request POST \
--url https://feddit.online/api/alpha/user/login \
--header 'Content-Type: application/json' \
--data '{
"username": "your_username",
"password": "your_password"
}'
The Cloudflare WAF log shows that it allowed the login request to go through. I'll have to look more this evening.
Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)
@x..@x..
18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664
E....3@.@...............kz.....n...........
@x..@x..POST /api/alpha/user/login HTTP/1.1
X-Forwarded-For: 162.120.199.186, 172.70.111.121
X-Forwarded-Proto: https
Host: feddit.online
Content-Length: 56
accept-language: en-US,en;q=0.5
content-type: application/json
accept-encoding: gzip, br
cf-ray: 9c85ae25b9720f65-EWR
user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)
cdn-loop: cloudflare; loops=1
cf-connecting-ip: 162.120.199.186
cf-ipcountry: US
cf-visitor: {"scheme":"https"}
cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo
{"password":"<hidden>","username":"testuser"}
18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712
E.....@.@.CB.............BO.+Ngj..Vk.......
The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ
This decodes to a referrer of: https://localhost/inbox
I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?
I'm grasping at straws.
When I do a curl request to the feddit.online API endpoint I can log in fine. If I use an invalid password I get the expected error message.
rimu@rimu-mate2 ~ $ curl --request POST \
--url https://feddit.online/api/alpha/user/login \
--header 'Content-Type: application/json' \
--data '{
"username": "rimu",
"password": "valid password"
}'
{"jwt":"some gibberish"}
rimu@rimu-mate2 ~ $ curl --request POST --url https://feddit.online/api/alpha/user/login --header 'Content-Type: application/json' --data '{
"username": "rimu",
"password": "invalid password"
}'
{"code":400,"message":"incorrect_login","status":"Bad Request"}
@rimu@piefed.social
But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.
I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?
The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.
Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.
Pinging @rimu@piefed.social for help as well.
I don't think the referer is checked at all for api endpoints, so I doubt that is the issue.
I've just logged in with my Piefed account after seeing your post. Other than me accidentally tapping sign up instead of log in, there were no issues.
I'm on Piefed.social and used Bitwarden to autofill my credentials. I'm using Android 16 with Voyager 2.35 I think (I'll correct this once I've posted), and am using my home wifi with no VPN. I use Adguard Home and Cloudflare for my DNS, and am in the UK. I can't think of anything else that might make a difference, so I'll end my comment there 😋
Hmmm I wonder if it’s because I’m on iOS devices? I get it on both my iPhone and my iPad.
Are you sure it isn’t an instance issue? Posting this via Voyager from my piefed.social account.
I am not sure of anything, but since it looks like login is working using curl elsewhere in the thread, it feels like a client issue?